CVE-2021-26736Improper Input Validation in Client Connector

CWE-20Improper Input ValidationCWE-22Path Traversal3 documents3 sources
Severity
7.8HIGHNVD
CNA6.7
EPSS
0.0%
top 90.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zscaler Client Connector
Timeline
PublishedOct 23

Description

Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zscaler/client_connector< 3.6

🔴Vulnerability Details

2
CVEList
ZApp Installer Privilege Escalation Vulnerabilities2023-10-23
GHSA
GHSA-cmfg-v75g-8wm3: Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 32023-10-23
CVE-2021-26736 — Improper Input Validation | cvebase